CVE-2018-1524
First published: Fri Aug 03 2018(Updated: )
IBM Maximo Asset Management 7.6 through 7.6.3 installs with a default administrator account that a remote intruder could use to gain administrator access to the system. This vulnerability is due to an incomplete fix for CVE-2015-4966. IBM X-Force ID: 142116.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Maximo Asset Management | >=7.6.0.0<=7.6.3.0 | |
| Ibm Maximo For Aviation | =7.6.0.0 | |
| Ibm Maximo For Aviation | =7.6.1.0 | |
| Ibm Maximo For Aviation | =7.6.2.0 | |
| Ibm Maximo For Aviation | =7.6.2.1 | |
| Ibm Maximo For Aviation | =7.6.3.0 | |
| Ibm Maximo For Life Sciences | =7.6.0.0 | |
| Ibm Maximo For Nuclear Power | =7.6.0.0 | |
| Ibm Maximo For Oil And Gas | =7.5.0.0 | |
| Ibm Maximo For Oil And Gas | =7.6.0.0 | |
| Ibm Maximo For Transportation | =7.6.1.0 | |
| Ibm Maximo For Transportation | =7.6.2.0 | |
| Ibm Maximo For Transportation | =7.6.2.1 | |
| Ibm Maximo For Transportation | =7.6.2.2 | |
| Ibm Maximo For Transportation | =7.6.2.3 | |
| Ibm Maximo For Transportation | =7.6.2.4 | |
| Ibm Maximo For Utilities | =7.6.0.0 | |
| IBM SmartCloud Control Desk | =7.6.0.0 | |
| IBM SmartCloud Control Desk | =7.6.0.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-1524?
CVE-2018-1524 is a vulnerability in IBM Maximo Asset Management 7.6 through 7.6.3 that allows a remote intruder to gain administrator access to the system.
How severe is CVE-2018-1524?
CVE-2018-1524 has a severity of 8.8 (critical).
Which IBM products are affected by CVE-2018-1524?
IBM Maximo Asset Management 7.6 through 7.6.3, IBM Maximo For Aviation 7.6.0.0 through 7.6.3.0, IBM Maximo For Life Sciences 7.6.0.0, IBM Maximo For Nuclear Power 7.6.0.0, IBM Maximo For Oil And Gas 7.5.0.0 and 7.6.0.0, IBM Maximo For Transportation 7.6.1.0 through 7.6.2.4, IBM Maximo For Utilities 7.6.0.0, and IBM SmartCloud Control Desk 7.6.0.0 and 7.6.0.1 are affected.
Is there a fix for CVE-2018-1524?
Yes, there is a fix available. Please refer to the IBM support document in the references for more information.
Where can I find more information about CVE-2018-1524?
More information about CVE-2018-1524 can be found in the IBM X-Force ID and the IBM support document in the references.
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/tags
- agent/type
- agent/event
- agent/description
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- vendor/ibm
- canonical/ibm maximo asset management
- version/ibm maximo asset management/7.6.0.0
- version/ibm maximo asset management/7.6.3.0
- canonical/ibm maximo for aviation
- version/ibm maximo for aviation/7.6.0.0
- version/ibm maximo for aviation/7.6.1.0
- version/ibm maximo for aviation/7.6.2.0
- version/ibm maximo for aviation/7.6.2.1
- version/ibm maximo for aviation/7.6.3.0
- canonical/ibm maximo for life sciences
- version/ibm maximo for life sciences/7.6.0.0
- canonical/ibm maximo for nuclear power
- version/ibm maximo for nuclear power/7.6.0.0
- canonical/ibm maximo for oil and gas
- version/ibm maximo for oil and gas/7.5.0.0
- version/ibm maximo for oil and gas/7.6.0.0
- canonical/ibm maximo for transportation
- version/ibm maximo for transportation/7.6.1.0
- version/ibm maximo for transportation/7.6.2.0
- version/ibm maximo for transportation/7.6.2.1
- version/ibm maximo for transportation/7.6.2.2
- version/ibm maximo for transportation/7.6.2.3
- version/ibm maximo for transportation/7.6.2.4
- canonical/ibm maximo for utilities
- version/ibm maximo for utilities/7.6.0.0
- canonical/ibm smartcloud control desk
- version/ibm smartcloud control desk/7.6.0.0
- version/ibm smartcloud control desk/7.6.0.1